FirmwareCheck: tool to automate dynamic analysis of IoT firmware
- Project
- 17005 SCRATCh
- Description
Automates dynamic analysis of firmware images. This enables tests such as checking which services are running and which users they run as, going beyond static analysis of the firmware.
- Contact
- OTARIS
- office@otaris.de
- Technical features
Input(s):
- Emulates a supplied Buildroot-generated firmware image
- Alternatively runs standalone on any Linux system
Main feature(s):
- Runs various security checks that roughly correspond to the OWASP IoT Top 10, such as checking for outdated components, default passwords, open ports, and processes running as root.
Output(s):
- HTML report that describes the findings
- Console output for CI or terminal-only use
- Integration constraints
The firmware must be generated with Buildroot and must be QEMU-compatible in order to run in CI. Alternatively, the standalone version can be run on any Linux system, but the firmware must then be deployed to the device first.
- Targeted customer(s)
Firmware developers and DevOps, and researchers testing IoT firmware and devices.
- Conditions for reuse
Apache 2.0 License
- Confidentiality
- Public
- Publication date
- 18-03-2022
- Involved partners
- OTARIS Interactive Services GmbH (DEU)